Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft Windows SDK enables an authenticated low-privileged attacker to elevate to higher privileges by exploiting a use-after-free memory corruption flaw. The CVSS 7.8 (AV:L/AC:L/PR:L) profile reflects local attack with low complexity and low privileges required, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.
Technical ContextAI
The flaw resides in the Microsoft Windows SDK, the developer toolkit that ships headers, libraries, and runtime components used to build Windows applications. Although the CWE is tagged as CWE-190 (Integer Overflow), the description identifies a use-after-free condition, suggesting an integer overflow that miscomputes an allocation size or reference count and leads to premature freeing of an object that is later dereferenced. Exploiting such a dangling pointer typically yields control over a freed heap chunk, allowing an attacker to corrupt adjacent structures or hijack object virtual tables to achieve code execution in the context of a higher-privileged process linked against the SDK runtime.
RemediationAI
Patch availability per vendor advisory should be confirmed by reviewing the Microsoft Security Response Center entry at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45593 and applying the fixed Windows SDK release once Microsoft publishes the exact build numbers; the input data does not include a specific patched version. As compensating controls until patches are deployed, restrict local interactive and RDP access on developer workstations and build agents to trusted users, enforce least-privilege on accounts that run SDK tooling, and monitor for unexpected child processes or token manipulation by SDK-linked binaries - note that tightening local access can disrupt developer productivity and CI pipelines, so coordinate with engineering teams. Application allowlisting (e.g., Windows Defender Application Control) can further reduce the risk of arbitrary local binaries triggering the vulnerable code path at the cost of additional rule maintenance.
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35551
GHSA-7wcr-pr25-7v9h